sepolicy : fix compile time issue on new aosp version

to unblock we are commeting  rule which are showing up
neverallow compilation issues.

Change-Id: Iebf1530781360570df307dddd55ca9c8beb0255f

common/audioserver.te

@@ -62,11 +62,11 @@ allow audioserver audio_data_file:dir remove_name;
 allow audioserver proc_audiod:file r_file_perms;
 
 # Allow audioserver to read sysfs dir and sysfs_thermal files for speaker protection
-allow audioserver sysfs:dir r_dir_perms;
+# allow audioserver sysfs:dir r_dir_perms;
 allow audioserver sysfs_thermal:file r_file_perms;
 
 # Allow audioserver to access sysfs nodes
-allow audioserver sysfs:file rw_file_perms;
+# allow audioserver sysfs:file rw_file_perms;
 userdebug_or_eng(`
   diag_use(audioserver)
 ')

common/cameraserver.te

@@ -43,7 +43,7 @@ allow cameraserver sensors_device:chr_file rw_file_perms;
 allow cameraserver system_server:unix_stream_socket { read write };
 
 #Allow read access to soc/msm-cam/video4linux/video0/name sysfs
-allow cameraserver sysfs:file r_file_perms;
+# allow cameraserver sysfs:file r_file_perms;
 
 allow cameraserver persist_file:dir r_dir_perms;
 set_prop(cameraserver, camera_prop)

common/domain.te

@@ -1,11 +1,11 @@
-r_dir_file(domain, sysfs_socinfo);
-r_dir_file(domain, sysfs_esoc);
-r_dir_file(domain, sysfs_ssr);
+# r_dir_file(domain, sysfs_socinfo);
+# r_dir_file(domain, sysfs_esoc);
+# r_dir_file(domain, sysfs_ssr);
 
 dontaudit domain kernel:system module_request;
 
 # Allow all domains read access to sysfs_thermal
-r_dir_file(domain, sysfs_thermal);
+# r_dir_file(domain, sysfs_thermal);
 
 # Allow domain to read /vendor -> /system/vendor
 allow domain system_file:lnk_file getattr;

common/untrusted_app.te

@@ -34,5 +34,8 @@ allow untrusted_app wbc_service:service_manager find;
 # for finding gba_auth_service
 allow untrusted_app gba_auth_service:service_manager find;
 
+#TODO: this are been commeted as there is a new
+#      neverallow resctiction which may need 
+#      some addtional change.
 # allow untrusted apps to access hal_perf
-hal_client_domain(untrusted_app, hal_perf);
+# hal_client_domain(untrusted_app, hal_perf);

common/untrusted_app_25.te

@@ -25,5 +25,8 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+#TODO: Need to revist this changes as this are 
+#      hitting new never_allow so commenting to 
+#      unblock but needs an alternative for this.
 # allow untrusted apps to access hal_perf
-hal_client_domain(untrusted_app_25, hal_perf);
+#hal_client_domain(untrusted_app_25, hal_perf);

common/wificond.te

@@ -25,7 +25,7 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-allow wificond proc:file r_file_perms;
+# allow wificond proc:file r_file_perms;
 allow wificond wifi_vendor_data_file:dir w_dir_perms;
 allow wificond wifi_vendor_data_file:file create_file_perms;
 # allow create/remove bridge interface and read mac addr ioctl privilege

private/dataservice_app.te

@@ -51,7 +51,7 @@ allow dataservice_app dpmd_data_file:file create_file_perms;
 dontaudit dataservice_app domain:dir r_dir_perms;
 
 #allow dpmservice to get running time for apps
-r_dir_file(dataservice_app, appdomain)
+# r_dir_file(dataservice_app, appdomain)
 
 allow dataservice_app self:socket create_socket_perms;
 allowxperm dataservice_app self:socket ioctl msm_sock_ipc_ioctls_system;

private/qti-testscripts.te

@@ -74,8 +74,8 @@ userdebug_or_eng(`
   #under one common file.
 
   # All domains can read proc enrty of qti-testscripts
-  r_dir_file(domain, qti-testscripts)
-  r_dir_file(qti-testscripts, domain)
+  # r_dir_file(domain, qti-testscripts)
+  # r_dir_file(qti-testscripts, domain)
   
 # allow adbd qti-testscripts:process dyntransition;
   #allow { domain -mediaextractor -mediacodec } qti-testscripts:unix_stream_socket connectto;

test/domain.te

@@ -28,7 +28,7 @@
 #allow all gpu clients to access configuration settings
 userdebug_or_eng(`
 allow domain sysfs_kgsl:dir search;
-r_dir_file(domain, sysfs_kgsl_snapshot);
+# r_dir_file(domain, sysfs_kgsl_snapshot);
 allow domain coredump_file:dir create_dir_perms;
 allow domain coredump_file:file create_file_perms;
 allow domain coredump_file:dir rw_dir_perms;

test/pdt_app.te

@@ -33,7 +33,7 @@ type pdt_app, domain;
 app_domain(pdt_app);
 net_domain(pdt_app)
 permissive pdt_app;
-r_dir_file(pdt_app, domain)
+# r_dir_file(pdt_app, domain)
 dontaudit pdt_app service_manager_type:service_manager *;
 dontaudit pdt_app hwservice_manager_type:hwservice_manager *;
 dontaudit pdt_app file_type:dir_file_class_set *;

test/vendor-qti-testscripts.te

@@ -70,8 +70,8 @@ userdebug_or_eng(`
   #under one common file.
 
   # All domains can read proc enrty of vendor-qti-testscripts
-  r_dir_file(domain, vendor-qti-testscripts)
-  r_dir_file(vendor-qti-testscripts, domain)
+  # r_dir_file(domain, vendor-qti-testscripts)
+  # r_dir_file(vendor-qti-testscripts, domain)
 
  # allow adbd vendor-qti-testscripts:process dyntransition;
  # allow { domain -mediaextractor -mediacodec } vendor-qti-testscripts:unix_stream_socket connectto;